libpod: configureNetNS() tear down on errors

Make sure to tear down the netns again on errors. This is needed when a later call fails and we do not have already stored the netns in the container state. [NO NEW TESTS NEEDED] My ginkgo-v2 PR will catch problem like this once merged. Fixes #18205 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
containers · May 23, 2023 · 97ec57d · 97ec57d
1 parent d812087
commit 97ec57d
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
@@ -592,6 +592,14 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS string) (status map[strin
 	if err != nil {
 		return nil, err
 	}
+	defer func() {
+		// do not forget to tear down the netns when a later error happened.
+		if rerr != nil {
+			if err := r.teardownNetworkBackend(ctrNS, netOpts); err != nil {
+				logrus.Warnf("failed to teardown network after failed setup: %v", err)
+			}
+		}
+	}()
 
 	// set up rootless port forwarder when rootless with ports and the network status is empty,
 	// if this is called from network reload the network status will not be empty and we should